| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cover.1725945912.git.huibo.wang@amd.com> Date: Tue, 10 Sep 2024 06:03:30 +0000 From: Melody Wang <huibo.wang@....com> To: <kvm@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <x86@...nel.org> CC: Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini <pbonzini@...hat.com>, Tom Lendacky <thomas.lendacky@....com>, Ashish Kalra <ashish.kalra@....com>, Michael Roth <michael.roth@....com>, Melody Wang <huibo.wang@....com> Subject: [PATCH v2 0/6] Add SEV-SNP restricted injection hypervisor support Hi all, This is a v2 of the restricted injection hypervisor support patches. The previous version was submitted here: https://lore.kernel.org/r/cover.1722989996.git.huibo.wang@amd.com. Since the previous submission, one issue reported by the kernel test robot was fixed. All comments and review feedback are appreciated. Thanks. Changelog: v1 Operating systems may not handle unexpected interrupt or exception sequences. A malicious hypervisor can inject random interrupt or exception sequences, putting guest drivers or guest OS kernels into an unexpected state, which could lead to security issues. To address this concern, SEV-SNP restricts the injection of interrupts and exceptions to those only allowed by the guest. Restricted Injection disables all hypervisor-based interrupt queuing and event injection for all vectors, allowing only a single vector, #HV (28), which is reserved for SNP guest use but is never generated by hardware. #HV is only permitted to be injected into VMSAs that execute with Restricted Injection. Guests operating with Restricted Injection are expected to communicate with the hypervisor about events via a software-managed para-virtualization interface. This interface can utilize #HV injection as a doorbell to inform the guest that new events have occurred. This patch set implements Restricted Injection on the KVM side directly into VMPL0. Overview: The GHCB 2.0 specification[1] defines #HV doorbell page and the #HV doorbell page NAE event allows for an SEV-SNP guest to register a doorbell page for use with the hypervisor injection exception (#HV). When Restricted Injection is active, only #HV exceptions can be injected into the guest, and the hypervisor follows the GHCB #HV doorbell communication to inject the exception or interrupt. Restricted Injection can be enabled by setting the bit in vmsa_features. The patchset is rebased on the kvm/next (commit 15e1c3d65975524c5c792fcd59f7d89f00402261). Testing: The patchset has been tested with the sev-snp guest, ovmf and qemu supporting restricted injection. Four test sets: 1.ls -lr / 2.apt update 3.fio 4.perf Thanks Melody Melody Wang (6): x86/sev: Define the #HV doorbell page structure KVM: SVM: Add support for the SEV-SNP #HV doorbell page NAE event KVM: SVM: Inject #HV when restricted injection is active KVM: SVM: Inject NMIs when restricted injection is active KVM: SVM: Inject MCEs when restricted injection is active KVM: SVM: Enable restricted injection for an SEV-SNP guest arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/asm/sev-common.h | 1 + arch/x86/include/asm/svm.h | 41 +++++ arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/include/uapi/asm/svm.h | 5 + arch/x86/kvm/svm/sev.c | 277 ++++++++++++++++++++++++++++- arch/x86/kvm/svm/svm.c | 44 ++++- arch/x86/kvm/svm/svm.h | 26 ++- arch/x86/kvm/vmx/main.c | 1 + arch/x86/kvm/vmx/vmx.c | 5 + arch/x86/kvm/vmx/x86_ops.h | 1 + arch/x86/kvm/x86.c | 8 + 14 files changed, 408 insertions(+), 5 deletions(-) -- 2.34.1 [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf
Powered by blists - more mailing lists